sys.column_encryption_key_values (Transact-SQL)
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Returns information about encrypted values of column encryption keys (CEKs) created with either the CREATE COLUMN ENCRYPTION KEY or the ALTER COLUMN ENCRYPTION KEY (Transact-SQL) statement. Each row represents a value of a CEK, encrypted with a column master key (CMK).
| Column name | Data type | Description |
|---|---|---|
| column_encryption_key_id | int | ID of the CEK in the database. |
| column_master_key_id | int | ID of the column master key that was used to encrypt the CEK value. |
| encrypted_value | varbinary(8000) | CEK value encrypted with the CMK specified in column_master_key_id. |
| encryption_algorithm_name | sysname | Name of an algorithm used to encrypt the CEK value. Name of the encryption algorithm used to encrypt the value. The algorithm for the system providers must be RSA_OAEP. |
Permissions
Requires the VIEW ANY COLUMN ENCRYPTION KEY permission.
The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.
See Also
CREATE COLUMN ENCRYPTION KEY (Transact-SQL)
ALTER COLUMN ENCRYPTION KEY (Transact-SQL)
DROP COLUMN ENCRYPTION KEY (Transact-SQL)
CREATE COLUMN MASTER KEY (Transact-SQL)
Security Catalog Views (Transact-SQL)
sys.column_encryption_keys (Transact-SQL)
sys.column_master_keys (Transact-SQL)
sys.columns (Transact-SQL)
Always Encrypted
Always Encrypted with secure enclaves
Overview of Key Management for Always Encrypted
Manage keys for Always Encrypted with secure enclaves